Binance Releases Secure Asset Fund for Users (SAFU) After Syscoin Attack
Popular cryptocurrency exchange Binance has announced the creation of a fund developed for user safety called “Secure Asset Fund for Users (SAFU)” after the recent trading irregularities that led to one Syscoin (SYS), worth about $0.26, to be purchased for 96 bitcoins.
Binance announced in an update that the irregular trades the exchange identified came from a several of its API users and that these caused its internal risk management system to activate.
After the system was activated, the company then proceeded to temporarily stop trading, withdrawals, and other operations until it determined what the cause was. Since the issue came from users’ API keys, these were removed and required its users to recreate their keys.
The incident had an impact on the trading pairs of Syscoin, a cryptocurrency that has more than 90 percent of its trading volume on Binance. While the token is currently priced at $0.24, the trading issues change the coin’s value for one trader to 96 BTC.
The announcement states that it’ll rollback all irregular trades, and reimburse the traders that were negatively affected by giving them zero-fee trading from July 5 to 14. The rest of Binance’s users will be given a 70 percent refund in BNB, a crypto coin that’s been resisting the negative market tendency, on trading fees that will be paid in this time interval.
The exchange also mentioned that in order to “protect the future interests of all users,” it has started the creation of a Security Digital Asset Fund for Users (SAFU). The post stated the following:
“Starting from 2018/07/14, we will allocate 10% of all trading fees received into SAFU to offer protection to our users and their funds in extreme cases. This fund will be stored in a separate cold wallet.”
The update concluded that its main values are the protection of its users and that due to the recent massive increase it was expected that challenges would occur. To handle these challenges, the exchange encourages its community to post comments and suggestions.
Several analysts believe the Syscoin pump wasn’t a coincidence, and that someone could’ve been trying to manipulate the market done with a third-party trading bot that could access API keys. By controlling the bot, the bad actors could’ve just used a number of accounts to pump SYS, and then sell their coins at the increased price.
This attack method reveals neither Binance nor SYS’ blockchain were hacked, but a third party. Whether the attackers succeeded in cashing out their funds is still yet unknown, although it is supposed that Binance was able to stop them as it’s rolling back irregular trades.
The exchange asked users to refrain from creating an API key if they don’t plan on using them regularly and to not share their keys with any third-party service providers. To increase security, it advises its users to activate its “IP whitelist” functionality, to confirm they’re the only ones that can access the API keys.
This is not the first malicious attack that Binance has managed to avert. The company managed to prevent a large-scale hacking attempt earlier this year, in which hackers tried to manipulate the price of Viacoin (VIA) in a similar manner.
In the latter attack, the hackers employed phished accounts to pump Viacoin’s price, so they could sell their token for BTC and then withdraw the amount. The irregular pump activated Binance’s security systems, which stopped withdrawals and made the hackers fail in their attempt.